Cloud key escrow system

ABSTRACT

Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy prevents the storage system from unencrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is continuation from U.S. patent application Ser. No.15/608,704 entitled “CLOUD KEY ESCROW SYSTEM,” which was filed on May30, 2017, and which will issue as U.S. Pat. No. 10,348,696 on Jul. 9,2019, and which is incorporated by reference herein. U.S. patentapplication Ser. No. 15/608,704, in turn, was a continuation from U.S.patent application Ser. No. 14/542,904 entitled “CLOUD KEY ESCROWSYSTEM,” which was filed on Nov. 17, 2014, and which issued as U.S. Pat.No. 9,667,599 on May 30, 2017, and which is incorporated by referenceherein. U.S. patent application Ser. No. 14/542,904, in turn, was adivisional application from U.S. patent application Ser. No. 13/162,950entitled “CLOUD KEY ESCROW SYSTEM,” which was filed on Jun. 17, 2011,and which issued as U.S. Pat. No. 8,891,772 on Nov. 18, 2014, and whichis incorporated by reference herein. This application is also related toU.S. patent application Ser. No. 13/162,985 entitled “CLOUD KEYDIRECTORY FOR FEDERATING DATA EXCHANGES,” (now issued as U.S. Pat. No.8,627,508) which is incorporated by reference herein.

BACKGROUND

Computers have become highly integrated in the workforce, in the home,in mobile devices, and many other places. Computers can process massiveamounts of information quickly and efficiently. Software applicationsdesigned to run on computer systems allow users to perform a widevariety of functions including business applications, schoolwork,entertainment and more. Software applications are often designed toperform specific tasks, such as word processor applications for draftingdocuments, or email programs for sending, receiving and organizingemail.

In some cases, software applications may be designed to interact withother software applications or other computer systems. For example, anapplication may be designed to store files on a network server. Some ofthe files stored on the network server may be sensitive or confidential.The user may wish to restrict access to those files. The files may thenbe encrypted or otherwise protected with a password or other key. Theuser may not trust the network server to store the key, and may thusdesire to retain sole possession of the key. Such users, however, oftenlose (or forget) their passwords or keys. Moreover, other third partyusers may legitimately require access to the stored, encrypted files.

BRIEF SUMMARY

Embodiments described herein are directed to storing encrypted,third-party-accessible data in a data store and to providing third partydata access to the stored encrypted data according to a predefinedpolicy. In one embodiment, a data storage system receives encrypted datafrom source. The data is encrypted using a private key. The data storagesystem stores the received encrypted data in the data storage systemaccording to a predefined policy. The encryption prevents the storagesystem from gaining access to the encrypted data, while the policyallows the encrypted data to be released upon receiving a thresholdnumber of requests from verified third parties. The data storage systemimplements a verifiable secret sharing scheme to verify that theencrypted data can be reconstituted without the data storage systemaccessing the encrypted data. The data storage system also synchronouslyacknowledges to the source that the received encrypted data has beenverified and successfully stored.

In another embodiment, a data storage system receives a request from athird party to access stored, encrypted data, where the data is storedin the data storage system according to a predefined policy. Theencryption on the data prevents the storage system from gaining accessto the encrypted data, while the policy allows the encrypted data to bereleased upon receiving a threshold number of requests from verifiedthird parties. The data storage system sends a query to the verifiedthird parties, requesting permission from the verified third parties toaccess the stored, encrypted data according to the predefined policy.The data storage system receives permission from at least a thresholdnumber of the verified third parties and allows the requesting thirdparty to access the stored, encrypted data according to the predefinedpolicy.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter.

Additional features and advantages will be set forth in the descriptionwhich follows, and in part will be obvious from the description, or maybe learned by the practice of the teachings herein. Features andadvantages of the invention may be realized and obtained by means of theinstruments and combinations particularly pointed out in the appendedclaims. Features of the present invention will become more fullyapparent from the following description and appended claims, or may belearned by the practice of the invention as set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

To further clarify the above and other advantages and features ofembodiments of the present invention, a more particular description ofembodiments of the present invention will be rendered by reference tothe appended drawings. It is appreciated that these drawings depict onlytypical embodiments of the invention and are therefore not to beconsidered limiting of its scope. The invention will be described andexplained with additional specificity and detail through the use of theaccompanying drawings in which:

FIG. 1 illustrates a computer architecture in which embodiments of thepresent invention may operate including allowing a user to storeencrypted, third-party-accessible data in a data store.

FIG. 2 illustrates a flowchart of an example method for allowing a userto store encrypted, third-party-accessible data in a data store.

FIG. 3 illustrates a flowchart of an example method for providing thirdparty data access to a user's encrypted data according to a predefinedpolicy.

FIG. 4 illustrates a computer architecture in which third party dataaccess is provided to a user's encrypted data according to a predefinedpolicy.

DETAILED DESCRIPTION

Embodiments described herein are directed to allowing a user to storeencrypted, third-party-accessible data in a data store and to providingthird party data access to a user's encrypted data according to apredefined policy. In one embodiment, a data storage system receivesencrypted data from a user at a data storage system. The data isencrypted using the user's private key. The data storage system storesthe received encrypted data in the data storage system according to apredefined policy. The encryption prevents the storage system fromgaining access to the encrypted data, while the policy allows theencrypted data to be released upon receiving a threshold number ofrequests from verified third parties. The data storage system implementsa verifiable secret sharing scheme to verify that the encrypted data canbe reconstituted without the data storage system accessing the encrypteddata. The data storage system also synchronously acknowledges to theuser that the received encrypted data has been verified and successfullystored.

In another embodiment, a data storage system receives a request from athird party to access a user's stored, encrypted data, where the data isstored in the data storage system according to a predefined policy. Theencryption on the data prevents the storage system from gaining accessto the encrypted data, while the policy allows the encrypted data to bereleased upon receiving a threshold number of requests from verifiedthird parties. The data storage system sends a query to the verifiedthird parties, requesting permission from the verified third parties toaccess the user's stored, encrypted data according to the predefinedpolicy. The data storage system receives permission from at least athreshold number of the verified third parties and allows the requestingthird party to access the user's stored, encrypted data according to thepredefined policy.

The following discussion now refers to a number of methods and methodacts that may be performed. It should be noted, that although the methodacts may be discussed in a certain order or illustrated in a flow chartas occurring in a particular order, no particular ordering isnecessarily required unless specifically stated, or required because anact is dependent on another act being completed prior to the act beingperformed.

Embodiments of the present invention may comprise or utilize a specialpurpose or general-purpose computer including computer hardware, suchas, for example, one or more processors and system memory, as discussedin greater detail below. Embodiments within the scope of the presentinvention also include physical and other computer-readable media forcarrying or storing computer-executable instructions and/or datastructures. Such computer-readable media can be any available media thatcan be accessed by a general purpose or special purpose computer system.Computer-readable media that store computer-executable instructions inthe form of data are computer storage media. Computer-readable mediathat carry computer-executable instructions are transmission media.Thus, by way of example, and not limitation, embodiments of theinvention can comprise at least two distinctly different kinds ofcomputer-readable media: computer storage media and transmission media.

Computer storage media includes RAM, ROM, EEPROM, CD-ROM, solid statedrives (SSDs) that are based on RAM, Flash memory, phase-change memory(PCM), or other types of memory, or other optical disk storage, magneticdisk storage or other magnetic storage devices, or any other mediumwhich can be used to store desired program code means in the form ofcomputer-executable instructions, data or data structures and which canbe accessed by a general purpose or special purpose computer.

A “network” is defined as one or more data links and/or data switchesthat enable the transport of electronic data between computer systemsand/or modules and/or other electronic devices. When information istransferred or provided over a network (either hardwired, wireless, or acombination of hardwired or wireless) to a computer, the computerproperly views the connection as a transmission medium. Transmissionsmedia can include a network which can be used to carry data or desiredprogram code means in the form of computer-executable instructions or inthe form of data structures and which can be accessed by a generalpurpose or special purpose computer. Combinations of the above shouldalso be included within the scope of computer-readable media.

Further, upon reaching various computer system components, program codemeans in the form of computer-executable instructions or data structurescan be transferred automatically from transmission media to computerstorage media (or vice versa). For example, computer-executableinstructions or data structures received over a network or data link canbe buffered in RAM within a network interface module (e.g., a networkinterface card or “NIC”), and then eventually transferred to computersystem RAM and/or to less volatile computer storage media at a computersystem. Thus, it should be understood that computer storage media can beincluded in computer system components that also (or even primarily)utilize transmission media.

Computer-executable (or computer-interpretable) instructions comprise,for example, instructions which cause a general purpose computer,special purpose computer, or special purpose processing device toperform a certain function or group of functions. The computerexecutable instructions may be, for example, binaries, intermediateformat instructions such as assembly language, or even source code.Although the subject matter has been described in language specific tostructural features and/or methodological acts, it is to be understoodthat the subject matter defined in the appended claims is notnecessarily limited to the described features or acts described above.Rather, the described features and acts are disclosed as example formsof implementing the claims.

Those skilled in the art will appreciate that the invention may bepracticed in network computing environments with many types of computersystem configurations, including personal computers, desktop computers,laptop computers, message processors, hand-held devices, multi-processorsystems, microprocessor-based or programmable consumer electronics,network PCs, minicomputers, mainframe computers, mobile telephones,PDAs, pagers, routers, switches, and the like. The invention may also bepracticed in distributed system environments where local and remotecomputer systems that are linked (either by hardwired data links,wireless data links, or by a combination of hardwired and wireless datalinks) through a network, each perform tasks (e.g. cloud computing,cloud services and the like). In a distributed system environment,program modules may be located in both local and remote memory storagedevices.

FIG. 1 illustrates a computer architecture 100 in which the principlesof the present invention may be employed. Computer architecture 100includes data storage system 115. The data storage system may be anytype of distributed or local storage service or device, includingindividual or linked computer systems. In some cases, the data storagesystem may comprise the cloud (i.e. a vast network of interlinkedcomputer systems). The data storage system may include various modulesthat are used to complete specific tasks. For instance, the receivingmodule 120 may receive data, data requests, queries or other incomingmessages. The receiving module may, for example, receive encrypted data106 from user 105. The encrypted data may be stored in the data storagesystem by data storing module 125.

The encrypted data 106 may be encrypted at the user's computer system110. The user's data 111 may be encrypted using a private key 112. Theprivate key allows the user to access the encrypted data, but preventsthe data storage system from being able to access the data. In somecases, however, while the data storage system is not able to decrypt theuser's data, it may be necessary for an outside entity (e.g. agovernmental entity) to access the user's data. For example, in acriminal or other investigation, a third-party requestor 140 may requestaccess to the user's data. In such cases, the data storage system mayprovide the user's data to the third-party requestor according to apredefined policy.

The predefined policy 116 may specify that the user's data can bereleased to a verified third-party requestor if certain conditions aremet. For example, the policy may specify that if a threshold amount ofverified third parties 145 respond saying that it is ok for thethird-party requestor 140 to access the user's data, then the datastorage system will provide that data. This process will be explained ingreater detail below with regard to methods 200 and 300 of FIGS. 2 and3, as well as computing environment 400 of FIG. 4.

In view of the systems and architectures described above, methodologiesthat may be implemented in accordance with the disclosed subject matterwill be better appreciated with reference to the flow charts of FIGS. 2and 3. For purposes of simplicity of explanation, the methodologies areshown and described as a series of blocks. However, it should beunderstood and appreciated that the claimed subject matter is notlimited by the order of the blocks, as some blocks may occur indifferent orders and/or concurrently with other blocks from what isdepicted and described herein. Moreover, not all illustrated blocks maybe required to implement the methodologies described hereinafter.

FIG. 2 illustrates a flowchart of a method 200 for allowing a user tostore encrypted, third-party-accessible data in a data store. The method200 will now be described with frequent reference to the components anddata of environment 100.

Method 200 includes an act of receiving encrypted data from a user at adata storage system, wherein the encrypted data is encrypted using theuser's private key (act 210). For example, receiving module 120 of datastorage system 115 may receive encrypted data 106 from user 105. Theuser's data 111 is encrypted using private key 112 or some other form ofencryption. The encrypting takes place securely on the user's owncomputer system. This prevents the user from having to trust the datastorage system to do the encrypting. In some cases, the encrypted datamay include a cryptographic key belonging to the user. In cases wherethe data storage system is the cloud (or is part of the cloud), theuser's cryptographic key is encrypted off-cloud on the user's computersystem, maintaining privacy and trust. The user may also have a publickey that is made public in a secure manner using a secure service thatruns on the user's private (off-cloud) computer system.

Method 200 further includes an act of storing the received encrypteddata in the data storage system according to a predefined policy, theencryption preventing the storage system from gaining access to theencrypted data, the policy allowing the encrypted data to be releasedupon receiving a threshold number of requests from verified thirdparties (act 220). For example, data storing module 125 may store theencrypted data 106 according to predefined policy 116. The policy mayspecify that the user's data is to be stored in the storage system andthat no one will have access to the user's data unless a certain set ofcriteria are met. Those criteria may include having a certain number ofverified third parties validating a requestor's request for the user'sdata. If that threshold number of verified third parties does indicatethat the requestor can access the user's data, then the storage systemwill allow access to that user's data.

In some cases, the user may be able to modify the threshold number ofrequests from verified third parties in the policy that are to bereceived before the user's encrypted data is released. For instance, ifthe user wanted to strengthen the policy, the user could increase thenumber of third party vouchers that would have to be received before theuser's data would be released. Alternatively, the user could loosen thepolicy by decreasing the threshold number. Once a request comes in froma third party 140 (e.g. a user, a business, a legal entity orgovernmental entity, etc.) to access user 105's data, the data storagesystem may send a query 142 to multiple different verified third parties145. These verified third parties may be authenticated, trusted personssuch as judges, notaries public, government officials or other trustedpersons. Each verified third party may send his or her responses 146back to the computer system.

In cases where the encrypted data is a cryptographic key, that key maybe stored as a plurality of shares 126. The shares are mathematicaltransformations of the user's private key, and each share is provided toone of the verified third parties 145. Each verified third partypublishes his or her own public keys, and encrypts his or her share ofthe encrypted key using their published public key. The verified thirdparty shares encrypted according to the third partys' public keys arethen stored in the data storage system 115. Because the shares areencrypted according to the verified third parties' public/private keypair, the data storage system is prevented from accessing the encryptedshares, and is further prevented from accessing the user's data.

The shares may be generated in such a way that a threshold gate is usedto recreate the original key from those shares. This is the thresholdnumber referred to above. The predefined policy 116 may indicate thatthe threshold gate is a specified number or percentage of the totalnumber of shares. In this manner, when that specified number of verifiedthird party share holders 145 has requested release of the encrypteddata 160, the data storage system 115 provides the encrypted data to therequestor.

Thus, for example, if the received encrypted data 106 was split intofive pieces, it would be sent to five different verified third parties.Each of those five parties would encrypt their share and upload it tothe data storage system. Then, if a third-party requestor 140 requestedthe release of user 105's data 106, query 142 would be sent to each ofthe five verified third parties. The policy may indicate a thresholdgate of three (or a percentage of, for example, 51% or greater), oncethree verified third parties had responded 146 in the affirmative,indicating that the user's data could be released, the data storagesystem would release the data.

Additionally or alternatively, the policy may include furtherlimitations regarding specific verified third parties. For instance, thepolicy may specify a set of rules comprising Boolean logic thatindicates which specific verified third parties are to request releaseof the encrypted data before the data storage system will release theencrypted data. For example, the user may specify that verified thirdparties A, C, and D or E must give their approval, regardless of (or inaddition to) the total number (or percentage) of approvals received.Accordingly, many different policy options may be available involvingdifferent threshold numbers, percentages and specified verified thirdparties. Thus, the examples mentioned above should not be read aslimiting what limitations can be implemented in the predefined policy.

In some cases, the users and trusted third parties in this system may beable to used the cloud directory described in the related patentreferenced above (“Cloud Key Directory For Federating Data Exchanges”)for discovering each other, and for publishing information aboutthemselves to the others. Thus, a user may request information about athird party from the cloud key directory, and the directory may providethe information as allowed by the third party. Similarly, the thirdparty may request information about a particular user, and the cloud keydirectory will provide the data as allowed by the user. For specificdetails on this functionality, please review the reference, which isincorporated herein in its entirety.

Method 200 also includes an act of the data storage system implementinga verifiable secret sharing scheme to verify that the encrypted data canbe reconstituted without the data storage system accessing the encrypteddata (act 230). For example, verifiable secret sharing scheme 130 may beused to verify that encrypted data 016 can be reconstituted or reformedwithout the data storage system accessing the data. The verifiablesecret sharing scheme is a method for verifying data stored at a givenlocation without actually accessing that data. Thus, user 105'sencrypted data may be stored (e.g. as shares 126) and verified by thedata storage system. The verifiable secret sharing scheme performs theverification without opening or looking at the encrypted data. The datastorage system's communication module 135 synchronously acknowledges tothe user that the received encrypted data has been verified andsuccessfully stored (act 240). The communication module may sendacknowledgement 136 to the user to acknowledge the safe and verifiedstorage of the user's encrypted data.

Turning now to FIG. 3, FIG. 3 illustrates a flowchart of a method 300for providing third party data access to a user's encrypted dataaccording to a predefined policy. The method 300 will now be describedwith frequent reference to the components and data of environments 100and 400 of FIGS. 1 and 4, respectively.

Method 300 includes an act of receiving a request from a third party toaccess a user's stored, encrypted data, the data being stored in a datastorage system according to a predefined policy, the encryptionpreventing the storage system from gaining access to the encrypted data,the policy allowing the encrypted data to be released upon receiving athreshold number of requests from verified third parties (act 310). Forexample, third-party requestor 140 may request to access user 105'sstored data. The user's data may be stored in shares 126 according topredefined policy 116. As explained above, the user's data encryptionoccurs on the user's private computer system and, as such, prevents thedata storage system from accessing the data. The policy allowsthird-party requestors to access the user's data under certainconditions.

In some cases, the user's data may comprise, at least in part, acryptographic key. The user's data, including the key, may be stored inmultiple different shares. These shares are mathematical transformationsof the user's private key. Each share is provided to one of the verifiedthird parties 445. Each verified third party publishes his or her ownpublic keys 446 and encrypts their share of the encrypted key using hisor her published public key. The request 141 for permission to accessthe user's stored, encrypted data may include a request for eachverified third party to provide their assigned share to the data storagesystem 415. The verified third party shares encrypted according to thethird partys' public keys are stored in the data storage system. Theencrypted shares prevent the data storage system from accessing eitherthe shares or the user's data. It should also be noted that the verifiedthird parties' keys may be stored in the data storage system in keystorage 440.

Thus, method 300 includes an act of sending a query to a plurality ofthe verified third parties, requesting permission from the verifiedthird parties to access the user's stored, encrypted data according tothe predefined policy (act 320). Method 300 further includes an act ofreceiving permission from at least a threshold number of the verifiedthird parties (act 330). This threshold number may be modified by theuser to increase or decrease the strength of the policy. For example,user 405 may send a policy modification 406 to the policy updatingmodule 420 of storage system 415. The policy updating module may changethe policy according to the user's input. The user may change the numberfor the threshold amount, may change or add a threshold percentage, mayspecify certain verified third parties whose permission must bereceived, or may alter the policy in another manner. The updated policywill be used for any newly received third-party data requests.

Method 300 also includes an act of allowing the requesting third partyto access the user's stored, encrypted data according to the predefinedpolicy (act 340). For example, upon determining that a sufficient,threshold number of third party responses 146 have been received, thedata storage system may allow access to that data. In some cases, theuser themselves may request their stored data (e.g. in request 407). Thedata storage system may retrieve the user's data (using module 430) andsend the requested data 431 to the user. In this manner, a user maysecurely store their data in the data storage system, while stillallowing third-party data access when needed, according to auser-defined policy.

In some embodiments, instead of sending all of the data shares 126 toeach of the verified third parties, each verified third party maygenerate his or her own public/private key pairs and publish thosepublic keys to the data storage system. Then, the user has access to thepublic keys of all the third parties and may encrypt each share to thepublic key of that third party. This results in an encrypted file thatonly that third party whose key was used to encrypt the data can decryptit with their private key. Each of the shares may be stored in the datastorage system (in the cloud). The data storage system would thus haveaccess to all the stored shares, and if the threshold number of verifiedthird parties requests the user's data, the data storage system givesback the shares to each third party and he or she decrypts it with hisor her private key.

Accordingly, methods, systems and computer program products are providedwhich allow a user to store encrypted, third-party-accessible data in adistributed data storage system. Moreover, methods, systems and computerprogram products are provided which provide third party data access to auser's encrypted data according to a predefined policy. Once the policyconditions have been met, the user's encrypted data is shared with therequesting third party.

The present invention may be embodied in other specific forms withoutdeparting from its spirit or essential characteristics. The describedembodiments are to be considered in all respects only as illustrativeand not restrictive. The scope of the invention is, therefore, indicatedby the appended claims rather than by the foregoing description. Allchanges which come within the meaning and range of equivalency of theclaims are to be embraced within their scope.

We claim:
 1. A computer implemented method for securely storingencrypted data and providing access to the stored encrypted dataaccording to a predefined policy, the method comprising: receiving arequest to access stored, encrypted data, the encrypted data beingstored in a data storage system according to a predefined policy, theencryption preventing the storage system from accessing unencrypted datadecrypted from the encrypted data, the policy allowing the encrypteddata to be provided to an authorized entity only upon receivingpermission to access the data from a threshold number of verified thirdparties; in response to receiving the request to access the stored,encrypted data, sending a query to a plurality of the verified thirdparties, the query requesting permission from the verified third partiesto access the stored, encrypted data according to the predefined policy;receiving a response to the query from at least a threshold number ofthe verified third parties, each received response including permissionto access the stored, encrypted data; and in response to receivingpermission to access the stored, encrypted data from at least athreshold number of the verified third parties, allowing the requestingparty to access the user's stored, encrypted data according to thepredefined policy.